Governments the world over are making and implementing policy, serious thought needs to be given to cyber and digital threats, and how these can be brought into the equation. In this short article we discuss the increasing role of cybersecurity at a nation state governmental level, and how this is influenced and shaped every more by global factors.
Not a day goes by when we don’t see yet another cyber-attack, many of these against or directly affecting a country’s Critical Network Infrastructure (CNI). In this short article we discuss some of the macro governmental and state level issues that often are not fully discussed by cyber professionals and indeed smaller organisations.
We start by quoting the famous American Cryptographer Bruce Schneier, Cyber, Privacy and now Lecturer in Public Policy at the Harvard Kennedy School:
“Today, technology and policy are deeply intertwined,” Schneier said here. “Today, technology makes de facto policy that is more influential than any law, and law is trying to catch up with technology. It is no longer sustainable for technology and policy to be in different worlds.”
The synthesis of this is that understanding the public policy landscape helps security and business leaders to stay prepared for new trends and requirements. In the modern connected world. Schneier also advocates a closer fusion between cyber and public policy technologists to ensure the wider national and global Cyberspace is managed with due respect for technology neutral systems that can be used for both good and bad by both citizens and the state.
Now stepping back from the future, let us look at some of today’s drivers for the need for good public policy around cyber and digital evolution.
Drivers SHAPING Government Policy
Many factors can shape public policy towards cybersecurity (and indeed Digital programmes) these include, but are not limited to:
- Industrial attacks viruses, malware
- International law and political changes
- Ransomware attacks
- Nation state attacks/Cyberwarfare
- Cyber espionage, IP theft
- Human infiltrators into organisations
- Lobbying from Cyber and Digital Professional Groups (GFCyber et al)
Alongside these run the increasing proliferation of “Digital” in all its forms that is now inextricably linked to society, industry and cybersecurity.
linking together public policy and cyber policy
Almost every country in the developed world now has a national cyber ministry or overarching governmental department (UK, NCSC, Kingdom of Saudi Arabia NCA, CITC et al) that creates and disseminates public policy.
Each country is addressing the challenge of aligning public policy with cyber and digital policy in its own way, just as companies tackle the issue individually. The approaches vary even among leading countries identified by the Global Cybersecurity Index (GCI), an initiative of the United Nations International Telecommunications Union. The way in which they do this varies to reflect their political and legal philosophy, national government structures, and how far government powers are devolved to state or local authorities. They also reflect public awareness and how broadly countries define national security—as well as technical capabilities among policy makers.
Within the United Kingdom, National Cyber Security Centre (NCSC) is also widely cited as a model for Government leaders who are increasingly aware that promoting prosperity and protecting national security includes providing cybersecurity. That means demonstrating that a nation, state, region, or city is a safe place to live and do business online. And it includes deterring cyberattacks, preventing cyber-related crime, and protecting critical national infrastructure.
HOW OUR ROLE AT GFC CYBER CAN ASSIST AND PROMOTE
For cyber professionals and organisations understanding the policy landscape helps security and business leaders to stay prepared for new trends and requirements. For us at GFCyber, and from its objectives, you will clearly see that as Policy Experts and Researchers we have a core purpose in helping to foster and shape a closer collaboration between “State, Industry and Academia”. All core components that public policy needs to help develop a better and closer alignment and understanding.
Many of us will directly work with our respective countries’ public bodies or ministries already, and other may now wish to investigate how they can get better involved and see cyber and digital through that much bigger macro level lens. The choice is yours to decide. I have listed some useful sources below that can help you get on your way. Enjoy!
Digital risk, including cyber risk, is now a pervasive and serious concern. Government leaders need to understand and take account of cyber risk in the strategic policy decisions they make. Here at GFCyber we offer some key points of view around this as shown below.
- The world over public policy and cybersecurity are converging. Governments will have to adapt fast with the need to show leadership and advice around cybersecurity for both its citizens and industry
- Cybersecurity threats are one of the main national security, public safety, and economic challenges every nation faces in 21st century. With the growth of connected places (Smart Cities, Stadiums, Events) this will grow exponentially and the role of public policy needs to be aligned, up to date and active.
- The need for a balanced approach. Cybersecurity is important to nations but many other political interests are as well, some of which conflict with the imperatives of cybersecurity. How these trade-offs are inevitable and will have to be accepted through the nation’s political and policy-making processes.
- Government’s role in cybersecurity will only grow as the global demand and dependency on the internet and internet-connected devices continue to increase. With increasing threats and fewer opportunities to fail, governments must rise to the challenge to protect both national security and economic prosperity.
- Government(s) needs to continue to develop a strong and connected relationship between its policy makers and cyber digital experts.
- Cybersecurity professionals need to develop a broader understanding of policy and technological advances and use this in an iterative cyclic manner to help shape and define the flow between themselves, their organisations and governmental policy.
Steven O’Sullivan is the Founder and CEO of Smart Cyber Group, and a policy analyst at the Global Foundation for Cyber Studies and Research. He has more than 20 years of experience helping organizations address their most pressing cyber risk challenges, and working with clients in their digital and cyber transformation programs.